Smart contracts might not be as smart as you think

Blockchain technology has piqued the interest of enterprises worldwide. Its advantages, including immutability and transparency, have led legacy companies outside of finance, such as BMW and Bosch, to experiment with smart contracts to create more efficient supply chains and make smarter engineering products.

Smart contracts, which are essentially software coded into a specific blockchain, formalize and execute agreements between multiple parties, removing the need for a trusted third-party intermediary, saving time, and allowing a multi-party consensus-based validation. They can be used across a variety of activities, such as wills, chess games and even transferring deeds.  

But despite all the disruptive potential and the highly-touted capabilities blockchain promises, the number of heists targeting smart contracts has risen more than 12-fold over the last two years. If they are so smart, why are we seeing such a massive uptick in heists?

To better understand, let’s clarify the relationship between blockchain and smart contracts.

Decentralization

Think of a blockchain network like Amazon’s AWS platform and each one of its smart contracts as a server. With blockchain, there isn’t a single centralized server for hackers to exploit, making it more difficult for cybercriminals to use traditional hacking methods, such as Trojan horses, physical attacks and ransomware. Blockchain counters these by eliminating a network’s single point of failure.

While a blockchain network can’t exactly be hacked, many distributed apps and smart contracts that blockchain facilitates can. 

Thanks to the gradually growing success and influence of decentralized finance (DeFi), large amounts of value are being funneled through smart contracts, making them appealing to hackers. And this threat will likely only grow as more assets move on-chain with the rise in tokenized real-world assets. Hacking poses a serious threat to this burgeoning blockchain sector because assets nicked from smart contracts are extremely difficult to recover.

Threats to smart contracts

Like all code, smart contracts are subject to human error. These errors can come in the form of typos, misrepresentations of specifications, or more serious mistakes that can be used to hack or “trick” the smart contract. As opposed to blockchain, there is no guarantee that the contracts have been peer-reviewed or validated.

While faulty coding may be avoided by a smart contract audit, other threats are more complex. The default-visibility vulnerability, for example, is a common mistake that occurs when the visibility of functions is not specified and certain functions are left public. For example, hackers could access the mint function and create billions of relevant tokens. Fortunately, this vulnerability can be prevented by running an audit that ensures all functions are set to private by default. 

Another more complicated and serious threat caused by coding errors is a reentrancy attack. This happens when an attacker takes advantage of the smart contract’s external function calls and deploys a malicious smart contract to interact with the one holding the funds. 

In 2016 the DAO incident, which occurred in the early days of Ethereum, demonstrated just how dangerous this type of attack can be and, ultimately, led to the creation of Ethereum Classic. Preventing reentrancy attacks isn’t simple, but there are frameworks and protocols that can mitigate the damage, which include CEI (check, effects and interactions), reentrancy guards and more.

If you’re competent in smart contract code, reading the code itself is always a massive advantage. Just as reading a contract before moving into a new apartment protects you from any surprises, being able to read a smart contract’s code can reveal flaws, malicious functions, or features that don’t work or make sense.

However, if you are an end user who is not particularly tech-savvy, use only smart contracts with publicly accessible code that are widely used. This, as opposed to compiled smart contracts, where the code is hidden and people are unable to review it, is the preferred option.

Addressing smart contract vulnerabilities

Let’s not forget that most smart contract administrators leave themselves some admin privileges, usually to make post-launch changes. To access these privileges, the admins need to use their private keys. These private keys are yet another vulnerability, and if they are not custodied correctly (i.e., in an offline cold vault), hackers who somehow gain access can make changes to the smart contract and funnel the funds anywhere they wish.

Lately, the European Parliament mandated a kill switch mechanism be employed to mitigate damage in the event a smart contract is compromised. While the intention of the regulators was to give people more protection over their own personal data, the act has generated concerns in the Web3 community. 

If not implemented correctly, a kill switch could destroy the entire smart contract and any value stored on it. A better implementation would be to activate a pause function which, in the event of a security threat, could freeze the smart contract and reactivate it once the issue is resolved. 

Should the pause function be implemented, it’s advised that the admin utilize two different private keys. Because once the private key (used to pause the contract) goes online, it becomes vulnerable to attack. As mentioned in my article on the mandate, separating the pause and unpause admin keys and storing them offline strengthens the smart contract’s security by eliminating potential points of failure.

As with all technologies, security threats exist in the DeFi and blockchain ecosystems. Smart contracts certainly have their advantages, as we’ve seen with the emergence of DeFi platforms and protocols, but understanding their vulnerabilities, doing diligent research and following the guidelines set forth in this article can help mitigate them. With time, enhanced security protocols will take shape, strengthening smart contract use cases and ushering in a more robust blockchain ecosystem. 

Shahar Shamai is CTO and cofounder of GK8.